CVE-2024-12289
MEDIUM
5.9
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
Description
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.
This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score
0.0020
Percentile
0.4th
Updated
CWE-460: Improper Cleanup on Thrown Exception
Draft
Common Consequences
Security Scopes Affected:
Other
Potential Impacts:
Varies By Context
Applicable Platforms
Languages:
C, C#, C++, Java
CWE-665: Improper Initialization
Draft
Common Consequences
Security Scopes Affected:
Confidentiality
Access Control
Availability
Potential Impacts:
Read Memory
Read Application Data
Bypass Protection Mechanism
DoS: Crash, Exit, or Restart
Applicable Platforms
All platforms may be affected
Application
Boundary by HashiCorp
Version Range Affected: from 0.17.0 (inclusive) to 0.17.3 (exclusive)
CPE Identifier: cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Boundary by HashiCorp
Version Range Affected: from 0.8.0 (inclusive) to 0.16.4 (exclusive)
CPE Identifier: cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
Application
Boundary by HashiCorp
Version Range Affected: from 0.18.0 (inclusive) to 0.18.2 (exclusive)
CPE Identifier: cpe:2.3:a:hashicorp:boundary:*:*:*:*:*:*:*:*
https://discuss.hashicorp.com/t/hcsec-2024-28-boundary-controller-incorrectly-h…